Shared Responsibility Model: Customers' Responsibilities for Amazon Elastic Compute Cloud (EC2)

Customer Responsibilities for Amazon EC2

Question

In the shared responsibility model for infrastructure services such as Amazon Elastic Compute Cloud (EC2), which two of the following are the customer's responsibility?

Answers

A. Network infrastructure

B. Amazon Machine Images (AMIs)

C. Virtualization infrastructure

D. Physical security of hardware

E. Policies and configuration

Explanations

Answer: B, E.

In the shared responsibility model, AWS is primarily responsible for "Security of the Cloud." The customer is responsible for "Security in the Cloud." In this scenario, the product in question (Amazon EC2) is an IaaS offering, and AWS manages the security of the following assets:

- Facilities.

- Physical security of hardware.

- Network infrastructure.

- Virtualization infrastructure.

Customers are responsible for the security of the following assets:

- Amazon Machine Images (AMIs).

- Operating systems.

- Applications.

- Data in transit.

- Data at rest.

- Data stores.

- Credentials.

- Policies and configuration.

Option A is incorrect.

Option B is correct.

Option C is incorrect.

Option D is incorrect.

Option E is correct.

For each option, refer to the explanation above and the link in the references for more details.

References:

https://docs.aws.amazon.com/whitepapers/latest/aws-security-best-practices/know-the-aws-shared-responsibility-model.html

The shared responsibility model is a key concept in cloud computing that helps to define the roles and responsibilities of both the cloud provider and the customer. In this model, the provider is responsible for the security of the cloud infrastructure, while the customer is responsible for the security of the data and applications they deploy on the cloud.

When it comes to infrastructure services such as Amazon Elastic Compute Cloud (EC2), the shared responsibility model applies to both the underlying infrastructure and the virtual machines that run on it. Specifically, Amazon is responsible for securing the physical infrastructure of its data centers, as well as the hypervisor and the host operating system that manages the virtual machines. The customer, on the other hand, is responsible for securing the applications and data they deploy on the virtual machines.

Out of the options given, the two that fall under the customer's responsibility in the shared responsibility model for EC2 are:

E. Policies and configuration: The customer is responsible for configuring and maintaining the security settings of their virtual machines, such as setting up firewalls, applying security patches, and implementing access controls. They are also responsible for defining policies that govern how their applications and data are accessed and used.

B. Amazon Machine Images (AMIs): An Amazon Machine Image (AMI) is a pre-configured virtual machine image that customers can use to create new instances on EC2. While Amazon is responsible for securing the underlying infrastructure that runs AMIs, the customer is responsible for ensuring that the AMIs they use are secure and up to date. This includes verifying that the AMIs are free of vulnerabilities, have the latest security patches, and adhere to the customer's security policies.

The other options fall under Amazon's responsibility in the shared responsibility model:

A. Network infrastructure: Amazon is responsible for securing the network infrastructure that connects EC2 instances to the internet and to other AWS services.

C. Virtualization infrastructure: Amazon is responsible for securing the hypervisor and the virtualization infrastructure that manages EC2 instances.

D. Physical security of hardware: Amazon is responsible for securing the physical infrastructure of its data centers, including the servers, storage devices, and networking equipment that run EC2.